Hi, On Tue, Feb 24, 2015 at 03:56:46PM +0000, Phil Mayers wrote:
On 24/02/15 15:54, Alan DeKok wrote:
Arran and I have spent a fair bit of time the last 3 months hammering the daylights out of 3.0.x, to be sure it’s OK. It now builds cleanly under 3 different static analysis tools. It has a suite of regression tests. And it’s running in production in multiple environments.
I can totally understand wanting to get 3.0.x stable. If it's disruptive, don't add it.
Hopefully not - it essentially (in its current form) adds a new option to choose the ntlm/mschap auth type, and only uses the new code if that is set to the right value. Otherwise it calls ntlm_auth exactly as before. I've had about 4.6 million auths through the do_auth_wbclient code across the last week, and still going strong, so hopefully it's good enough :). The current pull request isn't quite ready to merge as-is, though the code is essentially the same. I added a new config option "auth_method" to choose the method that mschap should use for auth (rather than the current heuristic of "is ntlm_auth defined"). So the question is whether that is the best way to set the method, and whether the defaults are right. https://github.com/FreeRADIUS/freeradius-server/pull/848/files#diff-955fd7c4... I guess this also all depends on what the timescales for FR3.1 are, too! It's possible that the best way is to only the minimal config option now (which might not be the tidiest or most logical), and then completely revisit and tidy up the way mschap is configured for FR 3.1 or, more likely, FR 4. Cheers, Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>